Unable to use pkcs12 authentication

Post by fyellin » Tue Dec 09, 2008 1:24 pm
It seems that Viscosity doesn't know how to ask for a password when using a pkcs12 certificate.

The config.conf file generated by Viscosity correctly contained the lines:
tls-auth ta.key 1
pkcs12 pkcs.p12
When I try running this using the GUI, I get the error message:
Mon Dec 8 18:05:50 2008: Error parsing PKCS#12 file pkcs.p12: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
Mon Dec 8 18:05:50 2008: Error: private key password verification failed
When I try running openvpn directly:
sudo /Applications/Viscosity.app/Contents/Resources/openvpn2.1 config.conf
it correctly asks me for the pkcs12 password, and then establishes the tunnel.

Post by James » Tue Dec 09, 2008 6:47 pm
How do you get on if you manually import your original OpenVPN config file and associated key/certificate files? Instructions for doing so can be found at:
http://www.viscosityvpn.com/forum/viewt ... p?p=76#p76

Cheers
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Post by fyellin » Wed Dec 10, 2008 5:42 am
No joy.

I did the following:
bash-3.2$ cd Library/Application\ Support/Viscosity/OpenVPN/
bash-3.2$ mkdir 2
bash-3.2$ cp 1/* 2
bash-3.2$ cp ~/Library/openvpn/home/Frank.p12 2
bash-3.2$ rm 2/ca.crt 2/cert.crt 2/key.key
I then edited 2/config.conf by
  • Deleting the Viscosity lines at the top
  • Commenting out the "ca", "cert", and "key" lines
  • Adding the line "pkcs12 Frank.p12"
I also verified that the config.conf file looked like what I would have expected it to look like if I had written it by hand.

The result was identical. It never asked me for a password. It failed to parse the file Frank.p12 since it didn't know the password. Running
sudo /Applications/...../openvpn2.1 config.conf 
directly worked correctly.
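
Added example, not part of the original posts: a shell check that shows whether a PKCS#12 bundle parses without a password, which is the situation the "mac verify failure" log lines above are consistent with. The function names, the test certificate and the test password are constructed for illustration, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: build a throwaway password-protected PKCS#12 bundle and
# check how it parses with and without the right password.

# Return 0 if the bundle's MAC verifies with the given password, 1 otherwise.
p12_password_ok() {
    # $1 = PKCS#12 file, $2 = candidate password (may be empty)
    openssl pkcs12 -in "$1" -noout -passin "pass:$2" >/dev/null 2>&1
}

# Classify a bundle: "no-password", "password-ok" or "password-required".
p12_status() {
    if p12_password_ok "$1" ""; then
        echo "no-password"
    elif [ -n "$2" ] && p12_password_ok "$1" "$2"; then
        echo "password-ok"
    else
        echo "password-required"
    fi
}

# Create a self-signed test certificate and wrap it in a protected bundle.
make_test_p12() {
    # $1 = output directory, $2 = export password (constructed value)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/test.p12" -passout "pass:$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_test_p12 "$dir" "s3cret-constructed" || { rm -rf "$dir"; return 1; }
    echo "no password supplied: $(p12_status "$dir/test.p12")"
    echo "correct password:     $(p12_status "$dir/test.p12" "s3cret-constructed")"
    rm -rf "$dir"
}

demo
```

A result of "password-required" for a bundle means that any client loading it has to obtain the password from the user or from its configuration before the file can be parsed.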

Post by James » Tue Dec 16, 2008 5:32 am
Hi fyellin,

I'll see if I can replicate what might be happening and post back here.

If you're able to, I'd appreciate it if you could send a copy of your raw OpenVPN config file to [email protected] (feel free to censor out any sensitive addresses etc).

Regards
James